Feed on
Posts
Comments

Tandy CCR-82

[photos: flickr – Tandy CCR-82 tape recorder]

Between VCF West and the Electronics Flea Market I have been inundated with projects! I wasn’t intending to mess with cassette tape on the TRS-80, despite having a cassette of Talking Eliza. At VCF I ran across a Tandy tape recorder in good shape in a box for a great price, so sure why not. It had the original box, manual, packing material, and TRS-80 interface cable. We had one of these, I think an prior generation, once upon a time but I guess it got sold with our old Model 3.

I stuck new batteries in it, hit play and I could feel the motor turning but nothing. Opening it up it was immediately obvious what was wrong, the drive belts were completely stretched out and lost tension. Browsing Youtube for the CCR-82 I happened upon this one from ACs 8-Bit Zone where he replaces the belt and does some other troubleshooting, and I used it as my guide. Later I found Console5 sold a belt kit for the CCR-82 which I bought.

Console5 CCR-82 belt kit

I got all the bits and put it aside for a few weeks. I thought I’d make a repair view, but decided against it since one already existed. Finally tonight I dove in to trying to revive mine.

In AC’s video it shows disconnecting various wires from the PCB with a soldering iron to lift the PCB out of the way. I thought I could get away with doing this and was able to replace the third (counter) belt, but ran into problems with the middle drive belt. It had completely turned into an extremely sticky rubber string that I had to pick off bit by bit with tweezers, which got everywhere. I needed to get the PCB out of the way to clean things up more, fortunately it was just a few quick dabs with the iron to get the four wires loose.

I cleaned the gears up with 91% IPA and got the belts on without any issue. I cleaned up the old grease on all the mechanisms and put new silicone grease on, everything seemed tip top. I flipped it over and play/fast-forward/rewind all worked even with a tape but record was physically not working. Opening it back up and checking the release mechanism I realized the tape I had was write-protected, sticking some tape on the holes later, record worked!

Now I need to figure out how to make it work with the TRS-80. Fiddling around I found I had a version of BASIC that supported CLOAD/CSAVE. I could CSAVE a BASIC program to tape, play it back in all of its FM/MFM audio glory. But for some reason when I tried to CLOAD, I could hear something click inside the TRS-80, the tape would play for a second, stop and the prompt would return on the system. I don’t know if I’m not getting audio back to the computer or there’s some other reason it doesn’t seem to load completely.

This will be the next thing to figure out, but at least the tape recorder is finally working!

I was recently expanding my analog voice empire and noticed my Cisco ATA191 was blinking like it was rebooting, and coming back. Looking at logs it was indeed warm rebooting and SIP re-registering every few minutes. I ruled out a duplicate IP address, and it never missed a ping. I was wondering if the VoIP provider was having issues, or if adding a new extension somehow broke things, so I rolled back changes I made. After a few hours of maddening searching I saw link flaps on my switch and thought ah ha it’s just a flaky cable. No, shortly after fixing the cable the ATA still kept rebooting. My other ATAs like the Cisco SPA122 and Grandstream weren’t having problems and stayed registered the whole time.

In the debug logs on the ATA I’d see something like this, like something was happening to cause the unit to want to reboot. The “reboot reason 800000” and “reason 0x800000” looked interesting but I didn’t turn up any useful information. Had I had a support contract they could probably tell me quickly, but I’m on my own.

Jul 28 20:09:22 ata01 Network[468]: [netCtrl]: raMonitorMain(), send AUTO_CFG_CHANGE to WAN
Jul 28 20:09:22 ata01 [161241.038349] sysevt_comm_sendto: (54, rc)=>
Jul 28 20:09:22 ata01 System[468]: [rcDbg]==== event_process start-832 , module(wan_module, evid=0x702) ====
Jul 28 20:09:22 ata01 Network[468]: wan_event_process(1279)..recv AUTO_CFG_CHANGE...
Jul 28 20:09:23 ata01 Network[468]: [netCtrl]: runDhcpv6App(), infoOnly = 1, prefixLen = 64
Jul 28 20:09:23 ata01 System[468]: [rcDbg]==== event_process end-832 ====
...
Jul 28 20:09:25 ata01 vsock: nmlink_server_task(), message received: 14
Jul 28 20:09:25 ata01 vsock: nmlink_server_task(), voice app restart
Jul 28 20:09:25 ata01 vsock: system request reboot, type 1, reason 0x800000, graceful 0
Jul 28 20:09:25 ata01 vsock: [cc_pre_reboot_check]: NO CALL, send unregister here...
...
Jul 28 20:09:26 ata01 vsock: SIP_regTsEventProc(event: 28)
Jul 28 20:09:26 ata01 vsock: setRegState(), line{1} REG State(1->0) pCause=unREG
Jul 28 20:09:26 ata01 vsock: SIP_regTsEventProc(event: 32)
Jul 28 20:09:27 ata01 vsock: fpar2_update_flash() Finish SYS Saved, infoCnt=0 sysCnt=3
Jul 28 20:09:27 ata01 vsock: fpar2_update_flash() PAL-PARM Saved, pid=208, type=2, attr=0x0, name=SIP Reg Call ID State
Jul 28 20:09:28 ata01 vsock: fpar2_update_flash() Finish PAL Saved, palCnt=1 infoCnt=0 sysCnt=3
Jul 28 20:09:28 ata01 vsock: reboot_check(341), reboot reason 800000
Jul 28 20:09:29 ata01 vsock: hal_board_warm_reboot (145, tid=0xc47ff460) do system sync
Jul 28 20:09:29 ata01 vsock: SAFE_MON_main() ccTick:6266->6366, ccCnt=6146->0, monNum=2
Jul 28 20:09:30 ata01 vsock: hal_board_warm_reboot () fp-size=1048576 date=2024-07-28T20:09:28
Jul 28 20:09:30 ata01 vsock: hal_board_warm_reboot (163, tid=0xc47ff460) terminate VoIP service

The “AUTO_CFG_CHANGE” bit followed a dump of dhcpv6c details made me think something related to SLAAC, DHCPv6, router advertisements. Especially when I was watching the unit now reboot every 5 minutes now. I had just powered up a new, freshly wiped Cisco 2821 on my LAN with some basic IPv6 config and realized the thing must be sending out IPv6 RAs or maybe some sort of CallManager auto-provisioning thing the ATA was picking up on.

Logging into the Cisco I did a  ‘ipv6 nd ra suppress‘ on the interface plugged into my LAN. It’s not connected to anything else and therefore has no connectivity to offer. Lo and behold the auto reboots stopped!

It was only the Cisco ATA191 that had this problem. The Cisco SPA122 and Grandstream HT802 are on the same LAN and they had no problems at all. I have only one other router on this LAN, and it’s been speaking IPv6 for years just fine. The ATA is configured to get an IPv6 address from DHCPv6 along with a static list of DNS servers. (Now I remember the SPA122 is lame and doesn’t even support IPv6). I can reproduce this by re-enabling RAs on the Cisco and the problem with the ATA191 comes right back and starts warm rebooting again.

This feels like a bug, a device receiving two sets of RAs shouldn’t go janky like this. I dug into this for a while today doing some packet captures from the ATA’s switchport. I could see RAs from my normal router and the Cisco router on the wire, but nothing was really lining up time-wise with the log messages I was seeing. RAs might go by and then like 60-120 seconds later it decides to reboot itself. I can’t even come up with any off the cuff theories, it’s not like the Cisco was advertising anything crazy.

I stopped looking into this problem but maybe if somebody else stumbles upon this it’ll give them some insight to carry on and find a root cause. To be clear I am absolutely not advocating for disabling IPv6 here!

Cisco 2821 Noctua fan replacement

[photos: flickr – Cisco 2821 fan replacement]

I have both a Cisco 2921 and this Cisco 2821 to play with. The 2921 is considerably louder even at idle and not really suitable for my 24/7 homelab production. The 2821 is much quieter so I wanted to use it, but was still enough white noise to notice. If it had brand new fans it may have been quiet enough, but these were of 2005 vintage and had some noise to them. The existing fans were Delta AFB0812SH-F00R, 4000 RPM, 80 mm, 12 VDC, with a 3-pin connector.

Instead of just buying a set of the same OEM fans, I tried a set of Noctua NF-A8 FLX fans. I didn’t think I needed to go all the way to their ultra low noise versions, just some with a lower RPM. At first they didn’t work, then I noticed the red cable on the Delta fans was on the outside, and on the middle on the Noctua fans. Using a paperclip to push out the terminals, I re-arranged them with the red on the left, black in the middle, and yellow on the right. The fans worked, at full RPM.

IOS was cranky about it, repeatedly with %ENVMON-4-FAN_LOW_RPM in the logs and show environment reporting “Low RPM”.

vintage-gw2#show environment

 Main Power Supply is AC

 Fan 1 Low RPM
 Fan 2 Low RPM
 Fan 3 Low RPM

 Fan Speed Setting: Normal

 System Temperature: 29 Celsius (normal)

 Environmental information last updated 00:00:10 ago

The datasheet for the Delta fans shows the white cable is a tach / frequency generator output, and the Noctua fan also has a tach output. At idle the Delta fan was running around 2520 RPM. When I measured the Nocuta it was running at 1400 RPM, so this may be too low for what the router was expecting. I’ve seen on reddit other people have encountered this same problem with other Cisco routers, trying various wiring hacks, with no satisfactory solutions. It may need a circuit to artificially output double the frequency so the Cisco things it’s running faster, or just short the thing to 12 V and be done with it. At least here at home I don’t think it’s going to overheat.

7/29: Playing with my oscilloscope today, I see these kind of waveforms on the tach/fan speed pins of the Delta and Noctua fan. Also at boot the Cisco kicks the output voltage to 12 volt and then settles in around 7.2 volt at idle.

Delta fan tach pin output

Noctua speed output

Update 9/2:

If you get really fed up with the %ENVMON-4-FAN_LOW_RPM messages want want to yeet them into the void, hashtag YOLO, ignore all the consequences, you can set up a logging discriminator:

logging discriminator nolog msg-body drops Fan
logging buffered discriminator nolog 4096
logging console discriminator nolog
logging monitor discriminator nolog

Many years ago I was out of the country turning up a new site. Along with racks of servers we had a pair of cabinets shipped to us that contained Cisco 6509s, patch panels, with 300+ ports pre-mounted, pre-cabled, and tested from our main US site. This was a weeks long project and we were a couple of days from being completely done and going home, and the site was already taking some customer traffic. The company CEO stops by to check things out, barely looks at one of the 6509s and says “that’s mounted wrong”. We never noticed it, the group that originally racked it never noticed it, but indeed the rear of the 6509’s shelf was one bolt position too low. Not a RU low, just a half inch.

Some people strive for perfection, some people strive for done is good enough. Word came down we had to fix it. This would entail draining all the customer traffic (an 8-12 hour wait itself), unplug all 336 patch cables, fibers, de-rack the 6500, fix the shelf, and reinstall everything. This would have added a day to our trip at the least, provided nothing else went wrong in the process. My manager and I decided to take matters into our own hands.

We went out to our rental cars and got our jacks for changing flat tires. We stuck them under the back of the 6509, gently lifted up the chassis enough to unscrew and fix the supporting shelf (the chassis rack ears were still secure to the rack), and let it back down. While it was serving customer traffic. Problem was solved within an hour, we were very happy with ourselves.

Needless to say our bosses were not happy about our bit of improvisation. But it worked and not a packet was lost that day!

FreHD menu

I wound up buying a completed FreHD kit for the TRS-80 model 4, along with the self-booting EEPROM. FreHD is a TRS-80 hard drive emulator that plugs into the I/O connector on the bottom of the system. Normally the TRS-80 hard drives required a DOS to be loaded off of a floppy disk first, then the volumes were accessible. My floppy drives are still inoperable, so going this way lets me run programs on it in the meantime.

Installing the FreHD EEPROM

I didn’t realize it at the time but the EEPROM requires some wires to be soldered to it and to some spots on the system board. It works by replacing the casette BASIC ROM (U4) with the new EEPROM which contains the bootloader. I’m ok with soldering a little, but this required a couple of connectors to wee size pads on the circuit board. Fortunately nothing destructive like trace cutting needed to be done, so I was ok with trying it. God bless jeweler’s magnifying headsets, my eyes can’t see this tiny stuff well anymore. Fuck getting old.

I got it all together without any disaster:

Finished install

As I was getting ready to put things together I noticed the I/O edge connector isn’t keyed nor does it have any numbers. Which way does the ribbon cable connect? The manual’s schematics didn’t have any numbering either, but did show all the pins on one side were all connected to ground, and the pins on the other side were connected to other components. Looking at the system board, on the component side, there’s a trace that connects every pin. I finally concluded the “even” pins 2-50 are all the grounds, and “odd” pins 1-49 are signal. So, the leftmost is pin 1 and rightmost is pin 50.

I put the system board back in, buttoned things up and fired it up. After an initial reboot the FreHD LED lit up and the FreHD loader menu popped on the screen. Success! First try!

Learning TRS-80 software

The FreHD SD image comes with several instances of LS-DOS, CP/M, NEWDOS, and various utilities on them. After poking around at different games and programs, I realized the TRS-80 is a much more capable system than I remember. In fact I don’t know much at all about the platform. When I was a kid the extent of my usage was booting TRS-DOS, loading BASIC, going to a long sheet of paper that had a list of BASIC games that were copied from who knows where, LOADing them and running them. I wrote some little BASIC programs, that was about it. We didn’t have hardly any commercial titles, I think just Superscripsit, VisiCalc, and Chicken! (The Superscriptsit did have an audio tape tutorial that taught me about proportional fonts!)

Most importantly I’m happy the thing actually runs software without crashing. Other than the video RAM issue, so far I haven’t seen any corrupted RAM, janky video, janky keys, or lockups.

The games on the system were popular names, if not knockoffs of arcade games. Frogger, Missile Command, Moon Rover, Breakout, etc. They were not some public domain BASIC programs either, they were real titles with real graphics and gameplay. Funnily enough most TRS-80 software seems to have no concept of returning to DOS, you have to hit the o’ orange reset button to get out.

Modem on the TRS-80

I found a couple of comm utilities such as Modem-80 and FastTerm II on the system so of course I had to try hooking up a modem, in this case one of my USR Couriers. First thing I had to do was track down a set of gender changers to go from DB-25 off the TRS-80 to my various DB-9/DB-25 cables to the Courier. The first app I tried was Modem-80. At first I could tell from the LEDs it was communicating with the modem but it wasn’t returning anything. I rigged up a null modem cable to my laptop and verified I could send type stuff on one system and see it on the other. I finally realized the TRS-80 wasn’t raising DTR, so I flipped a DIP switch on the Courier to always assert DTR and I was able to speak to the modem. I don’t know if this was because I wasn’t using a DB-25 to DB-25 cable or not.

I ATDT’d the BBS, lo and behold I got the Wildcat! banner and my login screen!

Dialed up to my BBS with the TRS-80

The ANSI color and graphics understandably didn’t work, but the rest did. 9600 bps seemed to be a bit too fast for it to keep up with as it griped about overruns occasionally. I had problems getting my modems to run at 2400 bps, so I settled at 4800 bps and it was decent. FastTerm II looked interesting too, of note it supported the Ymodem protocol. I found out there are other terminal emulator programs that say they support ANSI something, I need to figure out how to copy them over to the FreHD SD card and see what they do.

Floppy drives still vex me

I thought I might be able to copy Floppy Doctor over to the SD card and use it to work on the floppy drives. Then I read the manual for it and apparently it was released on a self-booting disk that TRS-DOS couldn’t read. Then I just found what looks like maybe an older CMD version, so we’ll see.

With the system booted I tried accessing the TRS-DOS disk I made. The drive would spin and seeks a bit, pause, and then come back with some error like “No disk” or directory not found or something like that. I’m still pouring over the VCF forums for ideas what to try. One thing that looks promising is to write 0x2F to a known track and then use some BASIC to seek the drive to that track and try to read, which should help sort out if the read head even works or if it’s even remotely aligned. I got my oscilloscope the other day, so I’m eager to poke some digital signals!

I do want to get at least one floppy drive working, as I have a few dozen TRS-80 floppies I want to go through.

 

This is mainly a reminder for myself so I don’t forget what I did. When using Qodem in iTerm2 on my Mac along with a Microsoft Natural Ergonomic 4000 keyboard, the “Alt” key wasn’t working inside Qodem. It was impossible to “Alt-Z” to bring up the help, the dialer screen, or anything. I didn’t have this problem on my Macbook Pro. This is even after the standard swapping of Option and Command modifier keys in System Preferences. After much fiddling and even ssh’ing to/from my laptop to rule out anymore termcap issues like before, I finally figured out in iTerm2, going to Preferences, Profiles, Keys, General and changing “Right Option key” from “Normal” to “Esc+” fixed it. What’s even weirder is that I always use my left-hand modifiers to go into these menus and I have to select “right option key” from the list and not the left? Either way I don’t know what this does or why it matters, I just went with it.

Qodem for Mac (via Homebrew) disables serial port

Also Qodem installed from Homebrew disables the serial port. So if you want to use a real dial-up modem on your Mac, you gotta compile Qodem on your own. Fortunately it’s just a quick and easy ./configure ; make ; make install.  I didn’t see in the git blame for the brew recipe any particular reason for disabling serial support, so maybe I should send a PR for it.

Boooooo serial support disabled by default in Homebrew

ANSI escape bug in Qodem

Bonus: while on the subject of Qodem, I think this one is a straight up bug that I need to submit a patch for (is it even maintained though?). I was testing a new door game GuTTerBoWl and noticed under only Qodem it spewed ANSI escape sequences to the screen. Actual original QModem, SyncTERM, MuffinTerm, and even Minicom didn’t do this, and rendered it correctly. The door author says he didn’t do any changes to the ANSI handling in the door kit (Angel Doorkit v1.0), nor had they seen this sort of output before and I believe them.

GuTTeRBoWl in Qodem

After looking at a capture of the ANSI output I noticed sequences such as ^[1;37m rendered correctly, but all the ones with no number before the semi-colon were not escaped and just sent to the caller raw like ^[;34m. Looking up some info on ANSI escape sequences, after the ^[ you can specify a mode such as change foreground/background text color, intensity, or blinking. If there are multiple modes, you can separate them with semi-colons such as ^[1;37m or ^[1;15m;20. This particular door kit was omitting a number when I presume it meant 0 or to reset modes.

At least according to wiki, a missing number is presumed to be zero (good lord there’s even a whole ECMA spec for this stuff):

All common sequences just use the parameters as a series of semicolon-separated numbers such as 1;2;3. Missing numbers are treated as 0 (1;;3 acts like the middle number is 0, and no parameters at all in ESC[m acts like a 0 reset code). Some sequences (such as CUU) treat 0 as 1 in order to make missing parameters useful.[5]: F.4.2 

 

After figuring this out, it was pretty easy to reproduce this problem in Qodem:

Testing with and without mode numbers

This is what it’s supposed to look like:

GuTTeRBowl properly rendered in SyncTERM

Funny enough I ran a 1.5-something version of this game in 1995, I had forgotten all about it until the author released v4.00 last month.

The backup tapes live!

1995 backups

[photos: flickr – 1995 Tape backup pulls]

Data has been recovered from my 1995 backup tapes! After badly mangling one of my three QIC-80 backup tapes trying to repair it to make it readable, I gave up before I screwed them up even more. Finally a couple of weeks ago I contacted Dmitry Brant, who has experience with tapes, if he still did tape data recovery and he said he does. A few days after sending the tapes to him, he got back to me “with good news and not so good.” One tape had a broken tension band but otherwise good; the second tape had some damage and wrinkles where it jammed in my drive, but was able to recover almost everything; and the third tape that I had wrenched on was too far damaged (the header was too wrinkled) to be salvageable but yet still managed to get a few megabytes off of it.

All in all there was around 250 MB of data recovered. It looks like there was a couple of full-ish backups of my old BBS and Windows 3.11 system, along with several partial or incremental backups throughout 1994 and 1995. I spent several days combing through all the files and it was like a nicely preserved little 1995 time capsule. Among the files were the contents of 27 floppies for the Slackware Linux distribution in 1994, such as AP (apps), N (TCP/IP network), X/XAP/XV (XFree86 implementation of X Windows). I distinctly remember moving these to tape because they took up a lot of my hard drive space at the time. It’s not clear which version of Slackware these came from, but definitely 1994. This was the first Linux distro I used, I seem to recall it was using a pre-1.0 kernel like maybe 0.96 or 1.2.18. Or maybe it was Slackware 1.2.18?

I was most excited about the BBS files after recently re-scratching that itch. It was all there, Wildcat! 4, my ANSI screens, cringy bulletins and welcome messages I wrote when I was 15, a couple hundred files in the files repo, door programs, log files, everything. There were a few dozen off-line QWK message files from a few bulletin boards I frequented, with my cringy messages. Half the stuff I wrote sounds like I was on a sugar rush from Mountain Dew, which I probably was. My graphics collection, which consisted of a few dozen .PCX and .GIF files. Unfortunately I didn’t seem to have a full working backup of Windows, I would have liked to see what I had there.

The BBS was named after the very small town in Oklahoma that I lived in, with much irony. It didn’t really have much of a theme or niche, other than trying to provide some sales and technical information for my gig building/selling/repairing computers. Despite being in the middle of nowhere I did have a dozen or so regular callers, mainly other BBS friends from around the country.

Door menu

I don’t know what I was thinking with most of the door programs I was running, nobody wanted that stuff. Star Trek: TNG was all the rage then, on top of trivia doors I had a few oddball Enterprise and TNG graphics.

Upload scanner written in MS-DOS batch

I was really into writing MS-DOS batch files because I was too poor to buy anyone’s utilities. One thing I had written was a batch file that figured out the file extension of uploads, .ZIP, .ARJ, .EXE, .LHZ, .Z, and then called the right archive tool to unpack and inspect it. (Still looks legit today). Another was this complicated batch file upload and virus scanner which shot raw ANSI to the caller as it progressed. I seem to recall it worked but it was brittle to work on. Normal people just bought somebody else’s program for $25 or whatever to do this for them.

Mirror of Software Creations, Apogee, and Id shareware

LORD upgrade bulletin

My graphics collection wasn’t very large, and was mostly in the .PCX graphic format. I had just gotten a 1024 x 768 SVGA monitor and a Logitech handheld black and white scanner.

The very first .GIF file I ever downloaded!

.GIF files were also new and novel to me, 800 x 600 pixels! 256 color! Photorealistic! They really made that Trident video card pop with what it could do. It’s funny to me because around that time .GIF files were relatively large, probably took thousands of dollars worth of scanner and PC to create them, probably came from CompuServe or a large membership BBS that cost $25/month and $2/hour to access, on top of the phone bill. (And they were all probably scans of copyrighted stuff which got a lot of boards in trouble). Now we regularly encourage taking and throwing away 12 megapixel HDR movies.

A single 256-color 640 x 480 image may have ran around 256 kilobytes in size. With a 14.4k modem, it downloaded about 1,440 characters per second, that image would have taken 177 seconds, or a hair under 3 minutes to download!

320 x 200 GIF

800 x 600 x 256 color GIF

Rusty n Edie’s BBS ads featuring their cat

640 x 480 GIF

Also right around this exact same time (April 1995) the Oklahoma City bombing happened. I had a couple of .GIFs of the FBI sketches going around looking for suspects that I had downloaded a couple days after it happened.

Oklahoma City bombing suspects sketch

There were a few apps still intact, like NCSA Mosaic and Netscape 1.0! Mosaic was the first browser I used, both of these were pre-HTTP/1.1 and pre-Javascript.

NCSA Mosaic 2.0 alpha 7

Netscape v1.0

 

Overall I’m very excited about the haul. I had low expectations with the recovery effort, but thrilled data was salvaged from 29 years ago. I’ll probably go through and upload a lot of the original BBS file areas to my new BBS and otherwise make them accessible, as there’s quite a few vintage DOS/Windows 3.11 apps in there.

I moved my desk!

TL;DR so awesome, so much room for activities I should have done this years ago

This is such an exciting game-changing, lifestyle change! I moved my desk!

Ever since I moved in years ago into my small apartment my desk has always been in my bedroom, where in my place in Redmond it had been in a 2nd bedroom-turned-office. I think at the time I said I didn’t want the clutter of my desk in the living room, and I primarily used a laptop for everything, so to bedroom exile it went. Despite having my larger monitor(s) and an actual chair, I used my desktop setup less and less, only actually using it for doing photo imports. Even during COVID and the resulting work from home I continued to work from my couch and coffee table on laptops. I did not want to wake up, roll over to my computer, and stay in the same room all day long!

The problem was I wound up cluttering up a shelf and the corner of my living room anyways and all the computers made my bedroom hot in the summer, even with a window open. To the point I would turn off systems in ikeacluster and some nights sleep on the couch, where my A/C was located. It also turns out the cats’ litter boxes create a ton of clay dust so my electronics got absolutely filthy over time and required regular dust blasting and vacuuming.

I knew if I was going to continue to do any WFH I need to move my desk where it was usable and comfortable again. I procrastinated for months, dreading re-wiring everything, taking down my Internet connection, and having something inevitably failing during the process. Last week I finally sucked it up, took extra backups, moved the shelf into the bedroom and moved the desk and all the computers into the livingroom.

Before hooking everything up, I opened up the cases, stood in the doorway and gave them all a good air blasting. It kicked up so much dust I got three separate “smoke detected” warnings from my smoke detector! All of the hard drives survived, but the PSU in one of my Linux machines did smell like smoke and went to heaven when I flipped it on, as about I expected. Pro-tip: order spare power supplies for your weird size PC cases.

After getting everything back together, what a difference it made! I took out an Ikea chair I didn’t use, but it all freed up so much floor space in both the bedroom and livingroom! Somehow the new configuration just worked a lot better than I expected. I had room for an even bigger shelf in the bedroom which was satisfied by a trip to IKEA. The bedroom was immediately WAY cooler and dead silent now. The living room now gets noticeably warmer if I don’t have the balcony door open, but at least I have more options to deal with the heat and hopefully this means I don’t have to run my space heater so much in the winter. Now I’m getting around to adding some RGB rizz and vibes to the setup, because why not.

TL;DR I hex edit a binary to make it work with my “newer” Courier modems

TL;DR 2: Less than 12 hours later posting I find an updated version of USRSTAT2.EXE from 1997 that fixed my bug and makes my hacking irrelevant

Way back on the US Robotics BBS (USR BBS) they had a door program that would display information about your modem connection from their BBS’s perspective. I always kind of assumed this was some door that talked to their Total Control modem rack over the network and gleamed connection statistics via SNMP or something. I used to run Total Controls later on at my ISP and they had a vast amount of information you could collect over the network and actually had a page written in PHP that would display connection speed to my callers.

Fast forward to the present with my new BBS and it got me to thinking about the old door on USR BBS. I really care about modem connections now, trying to squeeze as much performance out of VoIP to demonstrate it can be done. I knew call diagnostics stats were available on my US Robotics Courier modems via AT I6, I4, I11, just how do you display that to a caller? Browsing various BBS door archives then I found a few programs that said they’d display stats but I assumed they only worked with things like Supra/Diamond modems or were written for specific BBS software. It also seemed kind of crazy to have a door program send +++ commands to take over the modem while a caller as on. So I didn’t put much thought into it, written off as a forgotten wish.

Calling around to some new BBSs the other night I called up Another Millennium (949-59-31337, cute) and saw they had a USRstats page that looked like what I remembered from USR BBS! I looked around at what they were doing it with, it looks like they are running a version of USRSTATS for Maximus from 1995, which is its own compiled add-on.

USRSTATS – MEX on Another Millennium BBS

MODST

This got me back to looking at the doors that were out there like Modem Stats (MODST120.ZIP) and USRStats Generic (STGEN107.ZIP). Modem Stats was the first I got working. Despite being developed/tested apparently in a Remote Access + Diamond Supra modem environment, it worked just fine with Wildcat! and my USR Courier modems. Hooray!! It was a bit basic and just displayed raw ATI6 output to the caller, which I understand now was so that it provided generic output that would work with any modem. But it worked, finally!

Modem Stats (MODSTATS)

STGEN

Mentioned in the Modem Stats documentation was how it was inspired by STGEN, written by Joe Frankiewicz. So I went looking at STGEN and what it did. This looked more promising but when I got it working it would display part of a screenful of ANSI-formatted data and then abruptly end:

Broken USRSTAT2.EXE

Spending more time reading docs and playing with STGEN (and the modified STGEN-MC.EXE) I realized that STGEN handles comms with the BBS software, caller, and modem, but it saves raw AT-command output from the modem and feeds this to USRSTAT2.EXE, which actually parses the output and makes the pretty ANSI screens to display to the caller. If one were so inspired they could write their own USRSTAT2 replacement and generate whatever screens they wanted. The QuickBASIC source code to STGEN and STGEN-MC are included so you can even modify those till your heart’s content.

(STGEN108 contains both the original v1.07 source code written by Joseph C. Frankiewicz, and a binary+source of a revision called STGEN-MC written by Michael Conley 12/14/95. I’m running the STGEN-MC version but may refer to it as STGEN)

But why was USRSTAT2.EXE only displaying part of a screen? The fact that it cut off after displaying “Preemphasis” made me think it had a problem parsing the modem output, and indeed when I ran USRSTAT2 by hand while connected it threw a message saying “USRSTATS trapped error.”

Now I’m stuck, I don’t know what it’s dying on, there’s no source code for USRSTAT2 included, and a bunch of Google and BBS archive searches don’t turn up anything. It seems I have the latest version of USRSTAT2 that exists. I went back and looked at the USRSTATS MEX version for Maximus and wondered if that could be compiled as a standalone binary I could use with Wildcat. I noticed that the MEX version had a bunch of .LOC files that were output captures for various USR Courier models that it had been tested against. I wonder what would happen if I fed one of those to my USRSTAT2.EXE?

SUCCESS!

USRSTAT2 happily generated a full connection report from the files in the MEX version, including the frequency response table:

Correct USRSTAT2 output

Correct USRSTAT2 output

Now the question was why? I combed over the example VEVR1195.LOC file compared to the output STGEN-MC was grabbing from my modem. Command output was ordered differently, so using a text editor I moved blocks of output around, that didn’t help. Because USRSTAT2 was dying at “Preemphasis” I started looking at that line in the modem output. Ah hah! At least one line of modem output from my 1997-era Courier was slightly different than the 1995 Courier when STGEN/USRSTAT2 were written:

1995 Courier ATI11 output:
...
Preemphasis (-dB ) 8/8
...

1997 Courier ATI11 output:
...
Preemphasis Index 0/0
...

I manually changed that line in my modem output and boom, USRSTAT2 produced a full report! Now the question moved to “how do I fix this output on the fly?” STGEN-MC does a SHELL "USRSTAT2.EXE" directly, so there’s no way to modify the temp file before it’s fed to the report generator. I pondered re-compiling STGEN-MC to fix up the modem output on the fly, or having ChatGPT whip me up a C or Pascal shim to replace USRSTAT2.EXE, fix up the modem output, and call the real USRSTAT2.EXE.

After sleeping on it I wondered if I could get away with just hex editing USRSTAT2.EXE and fudge the string it’s looking for? So that’s what I did. Using WinHex, I found the instances that contained ‘Preemphasis (dB)’ and replaced them with ‘Preemphasis Index’, making sure to make the new string fit in the same spot.

 

USRSTAT2.EXE – Before

Fixing two strings

USRSTAT2.EXE – After hax

And it worked!!! It read in the output from my newer Courier modem and didn’t crash. I now have a functional STGEN-MC and USRSTAT2 door that produces pretty modem reports for callers. I know nothing about patching Windows binaries, so I don’t know how to distribute what’s about a 10 byte change.

I did notice at the very tail end of STGEN.DOC “Source code for the USRSTAT2.EXE module is NOT being released at this time, as development of that module WILL be continuing.” I have no idea if a new version has been released since then, if there is I haven’t found it.

 

As an aside, I didn’t know who Joseph Frankiewicz was until now. I was Googling his name to find out more about USRSTAT2 and found his name in an old German US Robotics FAQ usrfaq.txt file, where he talks about the USR BBS and USRSTAT and identifies as working at US Robotics. I found out through forum posts it turns out he was either the sysop of the USR BBS and/or an engineer with a ton of modem knowledge that interacted a lot with sysops. It would seem he wrote the original USR BBS door or at least the first PCBoard version if it, found as ST234B.ZIP “USR STATS V.234 BETA 5/22/94”. This zip file includes more documentation about his original USRSTAT.EXE program. I have no idea if he’s still developing software or still around.

Update 5/14/2024 7:00 PM

Less than 12 hours after I patched my USRSTAT2.EXE and typed up this post, I found USRST419.ZIP on sak.sk through random googling. This included USRSTAT2.EXE version 4.19 dated 2/28/97 which the change notes says it has fixes for “Total Control x2 modems, Courier x2 modems, newer Sportster modems, and fixed colorization of the Preemphasis fields.” This new version works right away with the STGEN-MC door and my Courier modems, making all my clever hacking completely obsolete. My ego is crushed a bit but I’m glad I found a newer version.

Taking a peek at the v4.19 binary it looks like it now can string compare three variants of the field I was having problems with, “Preemphasis (-dB)” “Preemphasis     (-dB)” and “Preemphasis Index”. I’m sure it has more string comparisons to handle other newer modems but I didn’t check them that closely.

USRSTAT2 v4.19 2/28/97

Google is very frustrating to search for anything named ‘USR’ because it desperately wants to add inflection even with quotes, and a few decades of indexing unix things with “/usr” sure isn’t helping.

(Rant warning) TL;DR I gripe at how complicated it gets and offer no solutions. I really do like what Let’s Encrypt offers. Just getting there figuring out what options work and don’t work is work. I don’t know how the muggles manage it.

TL;DR 2: HTTP-01 was out because of internal sites. DNS-01 was the only option, but I don’t use 3rd party DNS with APIs to handle automated challenge updates. Wound up installing a standalone ACME-DNS server for challenge responses.

I finally got annoyed enough at my TLS certificates that I started seriously trying to use Let’s Encrypt and ACME. I only have a couple of normal public-facing websites running on port 443 on the Internet, but internally I have a small army of Ubiquiti EdgeRouters, switches, wireless bridges, UniFi wireless controllers, Raspberry Pis, and other software with web servers on ports other than 80/443 that all need certificates. For years I’ve ran my own private CA to issue certificates, but it’s the same problem as commercial certificates to issue them and load them on all of my devices. Some browsers like Chrome now bitch at self-signed certificates in some cases too, so that’s not really a fix either.

One could say “but ha ha only suckers use web interfaces on routers”, which is true, but on occasion I do use them I’m reminded of the stupid problem of a long expired certificate and have to jump through the browser warning hoops every time that yes I’m yolo’ing to this allegedly sketchy device. A lot of the Ubiquiti stuff is only manageable over WebUI. This goes double if I’m on a new device that doesn’t have my private CA root certificates installed, or Android which makes it really difficult to install a private root CA. Triple combo pain if you’ve accidentally configured HTTP Strict Transport Security with a long lifetime to cover sub-domains and you try to reach something internally with a hostname with that domain with a bad certificate and the browser is like fuck you I won’t let you visit this site at all! This is where Chome’s ‘thisisunsafe’ override really comes in handy! I just want stuff to work and go about my day man, and not leak passwords.

No to HTTP-01

I can’t just throw certbot or acme.sh everywhere and call the problem solved. First of all not all of my devices are exposed to the Internet to accept HTTP-01 challenges from random sources, not to mention the non port-443 services. (God bless them for having a mix of IPv4 and IPv6 probe sources to handle IPv6-only endpoints which helps.) For the whole existence of Let’s Encrypt every year I thought about this problem I would look up how to do run my own ACME server with my private CA, groan at the apparent effort learning the whole ACME protocol and leave it.

DNS-01 with caveats

That leaves me with DNS-01 challenges. The problem here is that I don’t use a cloudy/third-party DNS provider that has an API where I can automatically update TXT records for automatic certificate renewals. I run straight up BIND and further my authoritative servers each use independent replicated master files with no slaving. This means any kind of dynamic updates to my DNS would have to go to each DNS server. I do have a few dynamically-updated A/AAAA records in sub-zones and for years I’ve just been running nsupdate twice, one for each authoritative server, and this has worked fine. ACME clients I’ve seen don’t support nsupdate to multiple servers, so this would be a hack to carry around.

I’m not casually replacing BIND nor throwing it all on the cloud. This recently lead to me to thinking ok fine maybe it’s not so bad doing a master/slave of my dynamic zones, that way an ACME client would only have to update one. This then lead me what to do about zone keys distribution. I’d have to copy the same master TSIG key around to all of my devices, or create a TSIG key per domain, sub-zone, or per device/A/AAAA record, which gets tedious and unpalatable.

acme-dns

I retreated and thought surely others have hit this problem too. This lead me to the acme-dns server project. It’s a little standalone DNS server that does nothing but serve up TXT records and has a simple REST API. I set it up on my internal IPv6 network so all of my internal devices can reach the API, and expose the DNS server on port 53 to the Internet so DNS-01 challenges are queryable. In my master zone files I delegate a sub-domain via NS record to the acme-dns IP address, and then create CNAMEs that point at that sub-domain so all challenges go to the acme-dns server. This is where I praise Let’s Encrypt for having IPv6 probes, they can reach my acme-dns server without having to burn a public IPv4 address just for it.

It took me a while to figure out how to actually use the thing. Certbot requires yet another thing to be installed, an acme-dns hook program. Have I mentioned how complicated this whole ecosystem is? acme.sh already includes a hook. Rant 1: good lord that thing is one massive unit of a Bash script. Rant 2: I really do not like it when installation instructions are “here just curl | sh”. It doesn’t just download a single file, it downloads several directories of files and shoves stuff into your crontab. Who knows what else it did. Must find DEB/RPM packages of that sucker.

Ok so now for each and every hostname+FQDN you want a certificate you want, you have to hit the /register endpoint of the acme-dns server first with a curl POST request. This generates a “username”, password, and a string for a sub-domain. This only exists in the acme-dns server database. If for example I had gw1.example.com, I would now add a record in my zone file that says “_acme-challenge.gw1.example.com.  IN CNAME asdf-asdf-asdf-asdf-asdf-asdf.acme-dns.example.com.” *.acme-dns.example.com is already delegated via NS record to the acme-dns instance. This is tedious and annoying to do for a bunch of hostnames but it’s for the greater good and only has to be done once fortunately. By default acme-dns uses SQLite (or Postgres), so either way back that sucker up or you’ll have to re-generate every single one of your domain usernames when something dies.

Then for each and every hostname, take the username/password/subdomain, feed them into environment variables and then run acme.sh to issue the certificates. Witness the gigantic scripts in action!  Stuff going to the CA, TXT records being fed to acme-DNS, stuff going to the DNS server, stuff coming back from the CA, more stuff going back and forth!  If you’re lucky you get a few certificate and key files left. If you’re unlucky, good luck troubleshooting which step in this whole process broke down.

Finally, certificates!

Now you have certificates, what to do with them! This is another whole bear of a problem to tackle because there’s an infinite amount of web servers and directories to insert certificates into. Again there’s a whole ecosystem of Certbot/acme.sh deployment hooks that try to handle your webserver. Also remember by default this is all happening within your home directory, so keys have to be copied to secure system directories owned by root too. This is where I’m at now. I have some devices like Ubiquiti EdgeSwitches that can’t run an ACME client directly, so I have to rig up things to scp over the certificates.

I hope all of this just magically works and auto-renews in 90 days, what a pain to set up!

TRS-80 video fixed!

Good news! A new video RAM chip fixed the lingering video artifacts I had. I looked up the IC model that was in it “HM6116LP-2” and found some on eBay. I had to wait a couple of weeks for them to arrive from China, but popped the first one in and it worked like a charm. Now I have four extra SRAM, what to do.

After scant Reddit and YouTube review browsing I ordered up a Rigol DHO814 oscilloscope to take on floppy drive repair. It’s a bit of a letdown that it seems like it’s just a glorified Android tablet with inputs, but maybe they all are these days.

Original chip with problems in center

« Newer Posts - Older Posts »